Apple to beef up iCloud security alerts after celeb photo hack
CEO Tim Cook tells the Wall Street Journal it will send email alerts and push notifications when someone tries to make password changes or try to restore data or login to an account on a new device.
Apple plans to bolster its iCloud security measures to prevent the hijacking of accounts like that associated with last weekend's release of a large cache of risque celebrity images, Apple CEO Tim Cook told the Wall Street Journal.
Cook told the newspaper that customers of the online storage service will receive an email alert and push notifications when someone tries to change an account password, restore data to a device not already associated with the account, or tries to login to an account with an unrecognized device. Previously, iCloud customers would receive an email alert when someone tried to change their account password or login from an unrecognized device; no notification was sent for data restoration.
The move, which will be instituted in two weeks, comes on the heels of several several nude images of celebrities being posted on to the image-based bulletin board 4chan. The images -- apparently taken from iCloud accounts belonging to actress Jennifer Lawrence, model Kate Upton, recording artist Ariana Grande, and others -- quickly spread across the Internet on social media.
While suspicion immediately fell on an iCloud security breach, Apple said Tuesday that the image release was the result of a targeted attack on individual accounts and not poor security on its part. Hackers targeted the user names and passwords, correctly answering security questions of the celebrities to obtain control of the accounts, Apple said.
While still denying that poor security architecture led to the image leak, Cook conceded that Apple could have done more to alert its customers of the dangers of hackers targeting their accounts and the need for strong password protection.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Cook also said the company will increase its use of two-factor authentication, which adds a second level of authentication to an account login such as also using a code sent to a mobile device to log in to an account.
CNET has contacted Apple for more information on its plans and will update this report when we learn more.